Despite the sandbox restriction, which prevents one app from
interfering with another, Tsai concedes it might be pretty easy
for a malicious app to steal personal information from the user, or
as he puts it, create a "privacy data leakage problem."

Another problem is that services like Zeusmos and Kuaiyong bring
a bit of Android's security chaos to the orderly iOS universe.

Android has a problem with malicious apps posing as free versions
of popular paid ones. Dozens have popped up in the official
Google Play store, which is meant to screen out such malware.
"Off-road" markets are rife with them.

Tsai notes that the new services could also be an "interesting
avenue" for attacks on specific companies or organizations.

Both Kuaiyong and Zeusmos take advantage of Apple's Developer
Enterprise program, which lets companies create "in-house" apps
for distribution to employees' iOS devices.

Savvy hackers could create a fake in-house app purporting to come
from a major defense contractor, and then send employees an email
instructing them to install it from their laptops or desktops.

The app could then spy on those employees, tracking their
whereabouts with location services and possibly even reading
their emails, texts and Web-browsing histories.

Subscriptions to Developer and Developer Enterprise licenses have
to be renewed every year, at a cost of $100 and $300
respectively. If a subscription is not renewed, the apps stop working.

Apple's done a remarkable job of keeping the iOS environment, now
more than 5 years old, malware-free.

But services like Zeusmos and Kuaiyong remind us that
iOS isn't impregnable. Now may be the time for iOS users to
learn how to protect themselves on a platform that has maintained
a fairly sterile environment up until now.

Despite the new threat, criminals and hackers have to work hard
to get iPhone users to install bad apps on their phones.

Because of that challenge, the bulk of mobile-device attacks will
be focused on the Android platform for quite some time.